Quick question. I am configuring VPN clients on an ASA box, and for the VPN pool I would like to know: does the ASA box use its own address on behalf of the clients for communication with internal networks, or do I need to add a route to the VPN pool on an internal router (the ASA box is not the default gateway)?
remote pc encrypts the packet destined for the lan behind the asa. asa receives the packet, decrypts it and tries to determine the next hop. so as long as asa has a route to the destination/lan, the remote vpn access will work.
e.g. remote pc <--> vpn <--> asa <--> net1 <--> rt <--> net2
for remote pc to access net1 via vpn, no route is required as net1 is directly connected to asa. alternatively, for remote pc to access net2 via vpn, a route pointing to rt for net2 is required on asa.
So what you are saying is that the internal networks only need a route to my ASA (and my ASA needs static routes to all my internal networks).
This is the case; I can ping anything on the internal network from the ASA.
My vpn client config is exactly the same as above except that I have a Checkpoint Firewall in front of the ASA. The ASA has a private IP network address off a specific Interface of the Checkpoint. The Checkpoint has an external IP address published for the ASA.
I can connect (even authenticate to Cisco ACS, which in turn is pointing to AD) but that's it... Not sure if it's a problem with all the NAT gateways... I have NAT-T switched on also... any thoughts appreciated...